From c0c39d292ed75ad3efcbfe6805c4f0f22d801d3f Mon Sep 17 00:00:00 2001
From: Omar Khasawneh <okhasawn@amazon.com>
Date: Fri, 15 Sep 2023 12:41:30 -0500
Subject: [PATCH] Fix for CVE-2976 + add CVE checker (#624)

* Fix for CVE-2976 + add CVE checker

Signed-off-by: Omar Khasawneh <okhasawn@amazon.com>

* Updated Changelog

Signed-off-by: Omar Khasawneh <okhasawn@amazon.com>

---------

Signed-off-by: Omar Khasawneh <okhasawn@amazon.com>
(cherry picked from commit d09bb4eea03b4dd71232c84df8e7ffaa448b8faf)
---
 CHANGELOG.md                 | 1 +
 java-client/build.gradle.kts | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5185d1f4b2..77981d5a68 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Fix PutMappingRequest by removing unsupported fields ([#597](https://github.com/opensearch-project/opensearch-java/pull/597))
 - [BUG] JarHell caused by latest software.amazon.awssdk 2.20.141 ([#616](https://github.com/opensearch-project/opensearch-java/pull/616))
 - Don't over-allocate in HeapBufferedAsyncEntityConsumer in order to consume the response ([#620](https://github.com/opensearch-project/opensearch-java/pull/620))
+- Fixed CVE-2976 + added CVE checker ([#624](https://github.com/opensearch-project/opensearch-java/pull/624))
 
 ### Security
 
diff --git a/java-client/build.gradle.kts b/java-client/build.gradle.kts
index 97b9058993..68b8ace30d 100644
--- a/java-client/build.gradle.kts
+++ b/java-client/build.gradle.kts
@@ -49,8 +49,11 @@ plugins {
     checkstyle
     `maven-publish`
     id("com.github.jk1.dependency-license-report") version "2.5"
+    id("org.owasp.dependencycheck") version "8.4.0"
 }
 
+apply(plugin = "org.owasp.dependencycheck")
+
 configurations {
     all {
         exclude(group = "software.amazon.awssdk", module = "third-party-jackson-core")
@@ -58,7 +61,7 @@ configurations {
 }
 
 checkstyle {
-    toolVersion = "10.0"
+    toolVersion = "10.12.3"
 }
 
 java {